@civic/auth 0.3.2-beta.2 → 0.3.2-beta.4

package/dist/src/reactjs/providers/CivicAuthProvider.js

@@ -0,0 +1,32 @@
+"use client";
+import React from "react";
+import { AuthProvider } from "@/reactjs/providers/AuthProvider.js";
+import { BrowserPublicClientPKCEProducer } from "@/services/PKCE.js";
+import { UserProvider } from "@/shared/providers/UserProvider.js";
+import { LocalStorageAdapter } from "@/browser/storage.js";
+import { CivicAuthConfigProvider } from "@/shared/providers/CivicAuthConfigContext.js";
+import { IframeProvider } from "@/shared/providers/IframeProvider.js";
+import { ClientTokenExchangeSessionProvider } from "@/reactjs/providers/ClientTokenExchangeSessionProvider.js";
+import { SessionProvider } from "@/shared/providers/SessionProvider.js";
+import { useClientTokenExchangeSession } from "@/reactjs/hooks/useClientTokenExchangeSession.js";
+import { TokenProvider } from "@/shared/providers/TokenProvider.js";
+import { useAuth } from "@/shared/hooks/useAuth.js";
+const WrapperUserProvider = ({ children }) => {
+    const { signIn, signOut, displayMode } = useAuth();
+    return (React.createElement(UserProvider, { storage: new LocalStorageAdapter(), signIn: signIn, signOut: signOut, displayMode: displayMode }, children));
+};
+const WrapperSessionAuthProvider = ({ children, ...props }) => {
+    const sessionData = useClientTokenExchangeSession();
+    return (React.createElement(SessionProvider, { ...sessionData },
+        React.createElement(IframeProvider, { iframeMode: props.iframeMode },
+            React.createElement(AuthProvider, { ...props, pkceConsumer: new BrowserPublicClientPKCEProducer() },
+                React.createElement(TokenProvider, null,
+                    React.createElement(WrapperUserProvider, null, children))))));
+};
+const CivicAuthProvider = ({ children, ...props }) => {
+    return (React.createElement(CivicAuthConfigProvider, { oauthServer: props?.config?.oauthServer, clientId: props?.clientId, redirectUrl: props?.redirectUrl, nonce: props?.nonce, logoutRedirectUrl: props?.logoutRedirectUrl },
+        React.createElement(ClientTokenExchangeSessionProvider, null,
+            React.createElement(WrapperSessionAuthProvider, { ...props }, children))));
+};
+export { CivicAuthProvider };
+//# sourceMappingURL=CivicAuthProvider.js.map

package/dist/src/reactjs/providers/CivicAuthProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CivicAuthProvider.js","sourceRoot":"","sources":["../../../../src/reactjs/providers/CivicAuthProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,8CAA8C,CAAC;AACvF,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AACtE,OAAO,EAAE,kCAAkC,EAAE,MAAM,2DAA2D,CAAC;AAC/G,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,6BAA6B,EAAE,MAAM,kDAAkD,CAAC;AACjG,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AAKpD,MAAM,mBAAmB,GAAG,CAAC,EAAE,QAAQ,EAAiC,EAAE,EAAE;IAC1E,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,OAAO,EAAE,CAAC;IACnD,OAAO,CACL,oBAAC,YAAY,IACX,OAAO,EAAE,IAAI,mBAAmB,EAAE,EAClC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,EAChB,WAAW,EAAE,WAAW,IAEvB,QAAQ,CACI,CAChB,CAAC;AACJ,CAAC,CAAC;AACF,MAAM,0BAA0B,GAAG,CAAC,EAClC,QAAQ,EACR,GAAG,KAAK,EACe,EAAE,EAAE;IAC3B,MAAM,WAAW,GAAG,6BAA6B,EAAE,CAAC;IACpD,OAAO,CACL,oBAAC,eAAe,OAAK,WAAW;QAC9B,oBAAC,cAAc,IAAC,UAAU,EAAE,KAAK,CAAC,UAAU;YAC1C,oBAAC,YAAY,OACP,KAAK,EACT,YAAY,EAAE,IAAI,+BAA+B,EAAE;gBAEnD,oBAAC,aAAa;oBACZ,oBAAC,mBAAmB,QAAE,QAAQ,CAAuB,CACvC,CACH,CACA,CACD,CACnB,CAAC;AACJ,CAAC,CAAC;AACF,MAAM,iBAAiB,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,KAAK,EAA0B,EAAE,EAAE;IAC3E,OAAO,CACL,oBAAC,uBAAuB,IACtB,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EACvC,QAAQ,EAAE,KAAK,EAAE,QAAQ,EACzB,WAAW,EAAE,KAAK,EAAE,WAAW,EAC/B,KAAK,EAAE,KAAK,EAAE,KAAK,EACnB,iBAAiB,EAAE,KAAK,EAAE,iBAAiB;QAE3C,oBAAC,kCAAkC;YACjC,oBAAC,0BAA0B,OAAK,KAAK,IAClC,QAAQ,CACkB,CACM,CACb,CAC3B,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,iBAAiB,EAA+B,CAAC","sourcesContent":["\"use client\";\nimport React from \"react\";\nimport { AuthProvider } from \"@/reactjs/providers/AuthProvider.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { UserProvider } from \"@/shared/providers/UserProvider.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { CivicAuthConfigProvider } from \"@/shared/providers/CivicAuthConfigContext.js\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider.js\";\nimport { ClientTokenExchangeSessionProvider } from \"@/reactjs/providers/ClientTokenExchangeSessionProvider.js\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider.js\";\nimport { useClientTokenExchangeSession } from \"@/reactjs/hooks/useClientTokenExchangeSession.js\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider.js\";\nimport { useAuth } from \"@/shared/hooks/useAuth.js\";\nimport type { AuthProviderProps } from \"@/shared/providers/types.js\";\n\ntype CivicAuthProviderProps = Omit<AuthProviderProps, \"pkceConsumer\">;\n\nconst WrapperUserProvider = ({ children }: { children: React.ReactNode }) => {\n  const { signIn, signOut, displayMode } = useAuth();\n  return (\n    <UserProvider\n      storage={new LocalStorageAdapter()}\n      signIn={signIn}\n      signOut={signOut}\n      displayMode={displayMode}\n    >\n      {children}\n    </UserProvider>\n  );\n};\nconst WrapperSessionAuthProvider = ({\n  children,\n  ...props\n}: CivicAuthProviderProps) => {\n  const sessionData = useClientTokenExchangeSession();\n  return (\n    <SessionProvider {...sessionData}>\n      <IframeProvider iframeMode={props.iframeMode}>\n        <AuthProvider\n          {...props}\n          pkceConsumer={new BrowserPublicClientPKCEProducer()}\n        >\n          <TokenProvider>\n            <WrapperUserProvider>{children}</WrapperUserProvider>\n          </TokenProvider>\n        </AuthProvider>\n      </IframeProvider>\n    </SessionProvider>\n  );\n};\nconst CivicAuthProvider = ({ children, ...props }: CivicAuthProviderProps) => {\n  return (\n    <CivicAuthConfigProvider\n      oauthServer={props?.config?.oauthServer}\n      clientId={props?.clientId}\n      redirectUrl={props?.redirectUrl}\n      nonce={props?.nonce}\n      logoutRedirectUrl={props?.logoutRedirectUrl}\n    >\n      <ClientTokenExchangeSessionProvider>\n        <WrapperSessionAuthProvider {...props}>\n          {children}\n        </WrapperSessionAuthProvider>\n      </ClientTokenExchangeSessionProvider>\n    </CivicAuthConfigProvider>\n  );\n};\n\nexport { CivicAuthProvider, type CivicAuthProviderProps };\n"]}

package/dist/src/reactjs/providers/ClientTokenExchangeSessionProvider.d.ts

@@ -0,0 +1,17 @@
+import type { ReactNode } from "react";
+import React from "react";
+import type { SessionData } from "@/types.js";
+export type ClientTokenExchangeSessionProviderOutput = {
+    data: SessionData | null;
+    error: Error | null;
+    isLoading: boolean;
+    doTokenExchange: null | ((url: string) => Promise<void>);
+};
+declare const ClientTokenExchangeSessionContext: React.Context<ClientTokenExchangeSessionProviderOutput>;
+type ClientTokenExchangeSessionContextType = {
+    children: ReactNode;
+};
+declare const ClientTokenExchangeSessionProvider: ({ children, }: ClientTokenExchangeSessionContextType) => React.JSX.Element;
+export type { ClientTokenExchangeSessionContextType as SessionContextType };
+export { ClientTokenExchangeSessionProvider, ClientTokenExchangeSessionContext, };
+//# sourceMappingURL=ClientTokenExchangeSessionProvider.d.ts.map

package/dist/src/reactjs/providers/ClientTokenExchangeSessionProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClientTokenExchangeSessionProvider.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/providers/ClientTokenExchangeSessionProvider.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,KAMN,MAAM,OAAO,CAAC;AAIf,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAM9C,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;CAC1D,CAAC;AAcF,QAAA,MAAM,iCAAiC,yDACkC,CAAC;AAE1E,KAAK,qCAAqC,GAAG;IAC3C,QAAQ,EAAE,SAAS,CAAC;CACrB,CAAC;AAEF,QAAA,MAAM,kCAAkC,kBAErC,qCAAqC,sBAwJvC,CAAC;AAEF,YAAY,EAAE,qCAAqC,IAAI,kBAAkB,EAAE,CAAC;AAC5E,OAAO,EACL,kCAAkC,EAClC,iCAAiC,GAClC,CAAC"}

package/dist/src/reactjs/providers/ClientTokenExchangeSessionProvider.js

@@ -0,0 +1,148 @@
+"use client";
+import React, { createContext, useCallback, useEffect, useMemo, useState, } from "react";
+import { BrowserAuthenticationService } from "@/services/AuthenticationService.js";
+import { isWindowInIframe } from "@/lib/windowUtil.js";
+import { useCurrentUrl } from "@/shared/hooks/useCurrentUrl.js";
+import { useCivicAuthConfig } from "@/shared/hooks/useCivicAuthConfig.js";
+import { LocalStorageAdapter } from "@/browser/storage.js";
+import { useRefresh } from "../../shared/hooks/useRefresh.js";
+const defaultSession = {
+    data: {
+        authenticated: false,
+        idToken: undefined,
+        accessToken: undefined,
+        displayMode: "iframe",
+    },
+    error: null,
+    isLoading: false,
+    doTokenExchange: null,
+};
+// Context for exposing session specifically to the TokenProvider
+const ClientTokenExchangeSessionContext = createContext(defaultSession);
+const ClientTokenExchangeSessionProvider = ({ children, }) => {
+    const authConfig = useCivicAuthConfig();
+    const [authService, setAuthService] = useState();
+    const [error, setError] = useState(null);
+    const [isLoading, setIsLoading] = useState(false);
+    const [session, setSession] = useState(null);
+    const [isWindowFocused, setIsWindowFocused] = useState(true);
+    useRefresh(session);
+    // handle the window refocusing after redirect
+    useEffect(() => {
+        const handleFocus = () => {
+            setIsWindowFocused(true);
+        };
+        const handleBlur = () => {
+            setIsWindowFocused(false);
+        };
+        window.addEventListener("focus", handleFocus);
+        window.addEventListener("blur", handleBlur);
+        return () => {
+            window.removeEventListener("focus", handleFocus);
+            window.removeEventListener("blur", handleBlur);
+        };
+    }, []);
+    const currentUrl = useCurrentUrl();
+    useEffect(() => {
+        if (!currentUrl || !authConfig)
+            return;
+        const { redirectUrl, clientId, oauthServer, scopes, logoutRedirectUrl, logoutUrl, } = authConfig;
+        BrowserAuthenticationService.build({
+            clientId,
+            redirectUrl,
+            logoutRedirectUrl,
+            logoutUrl,
+            oauthServer,
+            scopes,
+            displayMode: "iframe",
+        }).then(setAuthService);
+    }, [currentUrl, authConfig]);
+    const isInIframe = isWindowInIframe(globalThis.window);
+    const doTokenExchange = useCallback(async (inUrl) => {
+        if (!authService)
+            return;
+        const url = new URL(inUrl);
+        const code = url.searchParams.get("code");
+        const state = url.searchParams.get("state");
+        if (code && state) {
+            try {
+                setIsLoading(true);
+                await authService.tokenExchange(code, state);
+            }
+            catch (error) {
+                setError(error);
+                setSession({ authenticated: false });
+            }
+            setIsLoading(false);
+        }
+    }, [authService]);
+    const onSignIn = useCallback(async () => {
+        if (!authService)
+            return;
+        const session = await authService.getSessionData();
+        setSession(session);
+    }, [authService]);
+    const onSignOut = useCallback(() => {
+        setSession({ authenticated: false });
+    }, []);
+    useEffect(() => {
+        LocalStorageAdapter.emitter.on("signIn", onSignIn);
+        LocalStorageAdapter.emitter.on("signOut", onSignOut);
+        return () => {
+            LocalStorageAdapter.emitter.off("signIn", onSignIn);
+            LocalStorageAdapter.emitter.off("signOut", onSignOut);
+        };
+    }, [onSignIn, onSignOut]);
+    useEffect(() => {
+        if (!authConfig) {
+            setIsLoading(true);
+        }
+        else {
+            setIsLoading(false);
+        }
+    }, [authConfig]);
+    // Handle page load or refocus
+    useEffect(() => {
+        if (!authConfig || !authService || !currentUrl || isInIframe || isLoading) {
+            return;
+        }
+        const abortController = new AbortController();
+        const onPageLoad = async () => {
+            // if we have existing tokens, then validate them and return the session data
+            // otherwise check if we have a code in the url and exchange it for tokens
+            // if we have neither, return undefined
+            const existingSessionData = await authService.validateExistingSession();
+            if (existingSessionData.authenticated) {
+                setSession(existingSessionData);
+                return;
+            }
+            if (abortController.signal.aborted ||
+                !new URL(currentUrl).searchParams.get("code")) {
+                return;
+            }
+            await doTokenExchange(currentUrl);
+        };
+        onPageLoad();
+        return () => {
+            abortController.abort();
+        };
+    }, [
+        authConfig,
+        authService,
+        currentUrl,
+        doTokenExchange,
+        isInIframe,
+        isLoading,
+        isWindowFocused,
+        session?.authenticated,
+    ]);
+    const value = useMemo(() => ({
+        data: session,
+        error,
+        isLoading,
+        doTokenExchange,
+    }), [session, error, isLoading, doTokenExchange]);
+    return (React.createElement(ClientTokenExchangeSessionContext.Provider, { value: value }, children));
+};
+export { ClientTokenExchangeSessionProvider, ClientTokenExchangeSessionContext, };
+//# sourceMappingURL=ClientTokenExchangeSessionProvider.js.map

package/dist/src/reactjs/providers/ClientTokenExchangeSessionProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClientTokenExchangeSessionProvider.js","sourceRoot":"","sources":["../../../../src/reactjs/providers/ClientTokenExchangeSessionProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,KAAK,EAAE,EACZ,aAAa,EACb,WAAW,EACX,SAAS,EACT,OAAO,EACP,QAAQ,GACT,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,4BAA4B,EAAE,MAAM,qCAAqC,CAAC;AAEnF,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAQ9D,MAAM,cAAc,GAA6C;IAC/D,IAAI,EAAE;QACJ,aAAa,EAAE,KAAK;QACpB,OAAO,EAAE,SAAS;QAClB,WAAW,EAAE,SAAS;QACtB,WAAW,EAAE,QAAQ;KACtB;IACD,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,KAAK;IAChB,eAAe,EAAE,IAAI;CACtB,CAAC;AAEF,iEAAiE;AACjE,MAAM,iCAAiC,GACrC,aAAa,CAA2C,cAAc,CAAC,CAAC;AAM1E,MAAM,kCAAkC,GAAG,CAAC,EAC1C,QAAQ,GAC8B,EAAE,EAAE;IAC1C,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IACxC,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,EAA0B,CAAC;IACzE,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAe,IAAI,CAAC,CAAC;IACvD,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClD,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAqB,IAAI,CAAC,CAAC;IACjE,MAAM,CAAC,eAAe,EAAE,kBAAkB,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE7D,UAAU,CAAC,OAAO,CAAC,CAAC;IACpB,8CAA8C;IAC9C,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,WAAW,GAAG,GAAG,EAAE;YACvB,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC,CAAC;QAEF,MAAM,UAAU,GAAG,GAAG,EAAE;YACtB,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC,CAAC;QACF,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAC9C,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAE5C,OAAO,GAAG,EAAE;YACV,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACjD,MAAM,CAAC,mBAAmB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACjD,CAAC,CAAC;IACJ,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU;YAAE,OAAO;QAEvC,MAAM,EACJ,WAAW,EACX,QAAQ,EACR,WAAW,EACX,MAAM,EACN,iBAAiB,EACjB,SAAS,GACV,GAAG,UAAU,CAAC;QACf,4BAA4B,CAAC,KAAK,CAAC;YACjC,QAAQ;YACR,WAAW;YACX,iBAAiB;YACjB,SAAS;YACT,WAAW;YACX,MAAM;YACN,WAAW,EAAE,QAAQ;SACtB,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1B,CAAC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;IAE7B,MAAM,UAAU,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAEvD,MAAM,eAAe,GAAG,WAAW,CACjC,KAAK,EAAE,KAAa,EAAE,EAAE;QACtB,IAAI,CAAC,WAAW;YAAE,OAAO;QACzB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,YAAY,CAAC,IAAI,CAAC,CAAC;gBACnB,MAAM,WAAW,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,QAAQ,CAAC,KAAc,CAAC,CAAC;gBACzB,UAAU,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;YACvC,CAAC;YACD,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,EACD,CAAC,WAAW,CAAC,CACd,CAAC;IAEF,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACtC,IAAI,CAAC,WAAW;YAAE,OAAO;QACzB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,cAAc,EAAE,CAAC;QACnD,UAAU,CAAC,OAAO,CAAC,CAAC;IACtB,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAElB,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE;QACjC,UAAU,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;IACvC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,SAAS,CAAC,GAAG,EAAE;QACb,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACnD,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACrD,OAAO,GAAG,EAAE;YACV,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACpD,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACxD,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;IAE1B,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,YAAY,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;IACjB,8BAA8B;IAC9B,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,IAAI,CAAC,UAAU,IAAI,UAAU,IAAI,SAAS,EAAE,CAAC;YAC1E,OAAO;QACT,CAAC;QACD,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE;YAC5B,6EAA6E;YAC7E,0EAA0E;YAC1E,uCAAuC;YACvC,MAAM,mBAAmB,GAAG,MAAM,WAAW,CAAC,uBAAuB,EAAE,CAAC;YACxE,IAAI,mBAAmB,CAAC,aAAa,EAAE,CAAC;gBACtC,UAAU,CAAC,mBAAmB,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YACD,IACE,eAAe,CAAC,MAAM,CAAC,OAAO;gBAC9B,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAC7C,CAAC;gBACD,OAAO;YACT,CAAC;YACD,MAAM,eAAe,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC,CAAC;QACF,UAAU,EAAE,CAAC;QACb,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC,CAAC;IACJ,CAAC,EAAE;QACD,UAAU;QACV,WAAW;QACX,UAAU;QACV,eAAe;QACf,UAAU;QACV,SAAS;QACT,eAAe;QACf,OAAO,EAAE,aAAa;KACvB,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CAAC,CAAC;QACL,IAAI,EAAE,OAAO;QACb,KAAK;QACL,SAAS;QACT,eAAe;KAChB,CAAC,EACF,CAAC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,CAC7C,CAAC;IAEF,OAAO,CACL,oBAAC,iCAAiC,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,IACrD,QAAQ,CACkC,CAC9C,CAAC;AACJ,CAAC,CAAC;AAGF,OAAO,EACL,kCAAkC,EAClC,iCAAiC,GAClC,CAAC","sourcesContent":["\"use client\";\nimport type { ReactNode } from \"react\";\nimport React, {\n  createContext,\n  useCallback,\n  useEffect,\n  useMemo,\n  useState,\n} from \"react\";\nimport { BrowserAuthenticationService } from \"@/services/AuthenticationService.js\";\nimport type { AuthenticationResolver } from \"@/services/types.js\";\nimport { isWindowInIframe } from \"@/lib/windowUtil.js\";\nimport type { SessionData } from \"@/types.js\";\nimport { useCurrentUrl } from \"@/shared/hooks/useCurrentUrl.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { useRefresh } from \"../../shared/hooks/useRefresh.js\";\n\nexport type ClientTokenExchangeSessionProviderOutput = {\n  data: SessionData | null;\n  error: Error | null;\n  isLoading: boolean;\n  doTokenExchange: null | ((url: string) => Promise<void>);\n};\nconst defaultSession: ClientTokenExchangeSessionProviderOutput = {\n  data: {\n    authenticated: false,\n    idToken: undefined,\n    accessToken: undefined,\n    displayMode: \"iframe\",\n  },\n  error: null,\n  isLoading: false,\n  doTokenExchange: null,\n};\n\n// Context for exposing session specifically to the TokenProvider\nconst ClientTokenExchangeSessionContext =\n  createContext<ClientTokenExchangeSessionProviderOutput>(defaultSession);\n\ntype ClientTokenExchangeSessionContextType = {\n  children: ReactNode;\n};\n\nconst ClientTokenExchangeSessionProvider = ({\n  children,\n}: ClientTokenExchangeSessionContextType) => {\n  const authConfig = useCivicAuthConfig();\n  const [authService, setAuthService] = useState<AuthenticationResolver>();\n  const [error, setError] = useState<Error | null>(null);\n  const [isLoading, setIsLoading] = useState(false);\n  const [session, setSession] = useState<SessionData | null>(null);\n  const [isWindowFocused, setIsWindowFocused] = useState(true);\n\n  useRefresh(session);\n  // handle the window refocusing after redirect\n  useEffect(() => {\n    const handleFocus = () => {\n      setIsWindowFocused(true);\n    };\n\n    const handleBlur = () => {\n      setIsWindowFocused(false);\n    };\n    window.addEventListener(\"focus\", handleFocus);\n    window.addEventListener(\"blur\", handleBlur);\n\n    return () => {\n      window.removeEventListener(\"focus\", handleFocus);\n      window.removeEventListener(\"blur\", handleBlur);\n    };\n  }, []);\n\n  const currentUrl = useCurrentUrl();\n\n  useEffect(() => {\n    if (!currentUrl || !authConfig) return;\n\n    const {\n      redirectUrl,\n      clientId,\n      oauthServer,\n      scopes,\n      logoutRedirectUrl,\n      logoutUrl,\n    } = authConfig;\n    BrowserAuthenticationService.build({\n      clientId,\n      redirectUrl,\n      logoutRedirectUrl,\n      logoutUrl,\n      oauthServer,\n      scopes,\n      displayMode: \"iframe\",\n    }).then(setAuthService);\n  }, [currentUrl, authConfig]);\n\n  const isInIframe = isWindowInIframe(globalThis.window);\n\n  const doTokenExchange = useCallback(\n    async (inUrl: string) => {\n      if (!authService) return;\n      const url = new URL(inUrl);\n      const code = url.searchParams.get(\"code\");\n      const state = url.searchParams.get(\"state\");\n      if (code && state) {\n        try {\n          setIsLoading(true);\n          await authService.tokenExchange(code, state);\n        } catch (error) {\n          setError(error as Error);\n          setSession({ authenticated: false });\n        }\n        setIsLoading(false);\n      }\n    },\n    [authService],\n  );\n\n  const onSignIn = useCallback(async () => {\n    if (!authService) return;\n    const session = await authService.getSessionData();\n    setSession(session);\n  }, [authService]);\n\n  const onSignOut = useCallback(() => {\n    setSession({ authenticated: false });\n  }, []);\n\n  useEffect(() => {\n    LocalStorageAdapter.emitter.on(\"signIn\", onSignIn);\n    LocalStorageAdapter.emitter.on(\"signOut\", onSignOut);\n    return () => {\n      LocalStorageAdapter.emitter.off(\"signIn\", onSignIn);\n      LocalStorageAdapter.emitter.off(\"signOut\", onSignOut);\n    };\n  }, [onSignIn, onSignOut]);\n\n  useEffect(() => {\n    if (!authConfig) {\n      setIsLoading(true);\n    } else {\n      setIsLoading(false);\n    }\n  }, [authConfig]);\n  // Handle page load or refocus\n  useEffect(() => {\n    if (!authConfig || !authService || !currentUrl || isInIframe || isLoading) {\n      return;\n    }\n    const abortController = new AbortController();\n    const onPageLoad = async () => {\n      // if we have existing tokens, then validate them and return the session data\n      // otherwise check if we have a code in the url and exchange it for tokens\n      // if we have neither, return undefined\n      const existingSessionData = await authService.validateExistingSession();\n      if (existingSessionData.authenticated) {\n        setSession(existingSessionData);\n        return;\n      }\n      if (\n        abortController.signal.aborted ||\n        !new URL(currentUrl).searchParams.get(\"code\")\n      ) {\n        return;\n      }\n      await doTokenExchange(currentUrl);\n    };\n    onPageLoad();\n    return () => {\n      abortController.abort();\n    };\n  }, [\n    authConfig,\n    authService,\n    currentUrl,\n    doTokenExchange,\n    isInIframe,\n    isLoading,\n    isWindowFocused,\n    session?.authenticated,\n  ]);\n\n  const value = useMemo(\n    () => ({\n      data: session,\n      error,\n      isLoading,\n      doTokenExchange,\n    }),\n    [session, error, isLoading, doTokenExchange],\n  );\n\n  return (\n    <ClientTokenExchangeSessionContext.Provider value={value}>\n      {children}\n    </ClientTokenExchangeSessionContext.Provider>\n  );\n};\n\nexport type { ClientTokenExchangeSessionContextType as SessionContextType };\nexport {\n  ClientTokenExchangeSessionProvider,\n  ClientTokenExchangeSessionContext,\n};\n"]}

package/dist/src/reactjs/providers/index.d.ts

@@ -0,0 +1,8 @@
+export { UserProvider, UserContext, type UserContextType, } from "@/shared/providers/UserProvider.js";
+export { TokenProvider, TokenContext, type TokenContextType, } from "@/shared/providers/TokenProvider.js";
+export { AuthProvider } from "@/reactjs/providers/AuthProvider.js";
+export { SessionProvider, SessionContext, type SessionContextType, } from "@/shared/providers/SessionProvider.js";
+export { CivicAuthProvider, type CivicAuthProviderProps, } from "@/reactjs/providers/CivicAuthProvider.js";
+export { AuthContext } from "@/shared/providers/AuthContext.js";
+export type { AuthContextType } from "@/shared/providers/AuthContext.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/reactjs/providers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/reactjs/providers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,WAAW,EACX,KAAK,eAAe,GACrB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,aAAa,EACb,YAAY,EACZ,KAAK,gBAAgB,GACtB,MAAM,qCAAqC,CAAC;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AAEnE,OAAO,EACL,eAAe,EACf,cAAc,EACd,KAAK,kBAAkB,GACxB,MAAM,uCAAuC,CAAC;AAE/C,OAAO,EACL,iBAAiB,EACjB,KAAK,sBAAsB,GAC5B,MAAM,0CAA0C,CAAC;AAElD,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AAChE,YAAY,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC"}

package/dist/src/reactjs/providers/index.js

@@ -0,0 +1,7 @@
+export { UserProvider, UserContext, } from "@/shared/providers/UserProvider.js";
+export { TokenProvider, TokenContext, } from "@/shared/providers/TokenProvider.js";
+export { AuthProvider } from "@/reactjs/providers/AuthProvider.js";
+export { SessionProvider, SessionContext, } from "@/shared/providers/SessionProvider.js";
+export { CivicAuthProvider, } from "@/reactjs/providers/CivicAuthProvider.js";
+export { AuthContext } from "@/shared/providers/AuthContext.js";
+//# sourceMappingURL=index.js.map

package/dist/src/reactjs/providers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/reactjs/providers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,WAAW,GAEZ,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EACL,aAAa,EACb,YAAY,GAEb,MAAM,qCAAqC,CAAC;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AAEnE,OAAO,EACL,eAAe,EACf,cAAc,GAEf,MAAM,uCAAuC,CAAC;AAE/C,OAAO,EACL,iBAAiB,GAElB,MAAM,0CAA0C,CAAC;AAElD,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC","sourcesContent":["export {\n  UserProvider,\n  UserContext,\n  type UserContextType,\n} from \"@/shared/providers/UserProvider.js\";\n\nexport {\n  TokenProvider,\n  TokenContext,\n  type TokenContextType,\n} from \"@/shared/providers/TokenProvider.js\";\n\nexport { AuthProvider } from \"@/reactjs/providers/AuthProvider.js\";\n\nexport {\n  SessionProvider,\n  SessionContext,\n  type SessionContextType,\n} from \"@/shared/providers/SessionProvider.js\";\n\nexport {\n  CivicAuthProvider,\n  type CivicAuthProviderProps,\n} from \"@/reactjs/providers/CivicAuthProvider.js\";\n\nexport { AuthContext } from \"@/shared/providers/AuthContext.js\";\nexport type { AuthContextType } from \"@/shared/providers/AuthContext.js\";\n"]}

package/dist/src/server/ServerAuthenticationResolver.d.ts

@@ -0,0 +1,20 @@
+import type { AuthStorage, Endpoints, OIDCTokenResponseBody, SessionData } from "@/types.js";
+import type { AuthConfig } from "@/server/config.js";
+import type { AuthenticationResolver } from "@/services/types.ts";
+export declare class ServerAuthenticationResolver implements AuthenticationResolver {
+    readonly authConfig: AuthConfig;
+    readonly storage: AuthStorage;
+    readonly endpointOverrides?: Partial<Endpoints> | undefined;
+    private pkceProducer;
+    private oauth2client;
+    private endpoints;
+    private constructor();
+    validateExistingSession(): Promise<SessionData>;
+    get oauthServer(): string;
+    init(): Promise<this>;
+    tokenExchange(code: string, state: string): Promise<OIDCTokenResponseBody>;
+    getSessionData(): Promise<SessionData | null>;
+    getEndSessionEndpoint(): Promise<string | null>;
+    static build(authConfig: AuthConfig, storage: AuthStorage, endpointOverrides?: Partial<Endpoints>): Promise<AuthenticationResolver>;
+}
+//# sourceMappingURL=ServerAuthenticationResolver.d.ts.map

package/dist/src/server/ServerAuthenticationResolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ServerAuthenticationResolver.d.ts","sourceRoot":"","sources":["../../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAOrD,OAAO,KAAK,EAAE,sBAAsB,EAAgB,MAAM,qBAAqB,CAAC;AAGhF,qBAAa,4BAA6B,YAAW,sBAAsB;IAMvE,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,QAAQ,CAAC,OAAO,EAAE,WAAW;IAC7B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IAPjD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,SAAS,CAAwB;IAEzC,OAAO;IAOP,uBAAuB,IAAI,OAAO,CAAC,WAAW,CAAC;IAI/C,IAAI,WAAW,IAAI,MAAM,CAExB;IAEK,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBrB,aAAa,CACjB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IAoB3B,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAa7C,qBAAqB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;WAOxC,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,sBAAsB,CAAC;CAUnC"}

package/dist/src/server/ServerAuthenticationResolver.js

@@ -0,0 +1,67 @@
+import { GenericPublicClientPKCEProducer } from "@/services/PKCE.js";
+import { OAuth2Client } from "oslo/oauth2";
+import { exchangeTokens, getEndpointsWithOverrides, retrieveTokens, storeTokens, } from "@/shared/lib/util.js";
+import { DEFAULT_AUTH_SERVER } from "@/constants.js";
+export class ServerAuthenticationResolver {
+    authConfig;
+    storage;
+    endpointOverrides;
+    pkceProducer;
+    oauth2client;
+    endpoints;
+    constructor(authConfig, storage, endpointOverrides) {
+        this.authConfig = authConfig;
+        this.storage = storage;
+        this.endpointOverrides = endpointOverrides;
+        this.pkceProducer = new GenericPublicClientPKCEProducer(storage);
+    }
+    validateExistingSession() {
+        throw new Error("Method not implemented.");
+    }
+    get oauthServer() {
+        return this.authConfig.oauthServer || DEFAULT_AUTH_SERVER;
+    }
+    async init() {
+        // resolve oauth config
+        this.endpoints = await getEndpointsWithOverrides(this.oauthServer, this.endpointOverrides);
+        this.oauth2client = new OAuth2Client(this.authConfig.clientId, this.endpoints.auth, this.endpoints.token, {
+            redirectURI: this.authConfig.redirectUrl,
+        });
+        return this;
+    }
+    async tokenExchange(code, state) {
+        if (!this.oauth2client)
+            await this.init();
+        const codeVerifier = await this.pkceProducer.getCodeVerifier();
+        if (!codeVerifier)
+            throw new Error("Code verifier not found in storage");
+        // exchange auth code for tokens
+        const tokens = await exchangeTokens(code, state, this.pkceProducer, this.oauth2client, // clean up types here to avoid the ! operator
+        this.oauthServer, this.endpoints);
+        await storeTokens(this.storage, tokens);
+        return tokens;
+    }
+    async getSessionData() {
+        const storageData = await retrieveTokens(this.storage);
+        if (!storageData)
+            return null;
+        return {
+            authenticated: !!storageData.id_token,
+            idToken: storageData.id_token,
+            accessToken: storageData.access_token,
+            refreshToken: storageData.refresh_token,
+        };
+    }
+    async getEndSessionEndpoint() {
+        if (!this.endpoints) {
+            return null;
+        }
+        return this.endpoints.endsession;
+    }
+    static async build(authConfig, storage, endpointOverrides) {
+        const resolver = new ServerAuthenticationResolver(authConfig, storage, endpointOverrides);
+        await resolver.init();
+        return resolver;
+    }
+}
+//# sourceMappingURL=ServerAuthenticationResolver.js.map

package/dist/src/server/ServerAuthenticationResolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ServerAuthenticationResolver.js","sourceRoot":"","sources":["../../../src/server/ServerAuthenticationResolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAQ3C,OAAO,EACL,cAAc,EACd,yBAAyB,EACzB,cAAc,EACd,WAAW,GACZ,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,OAAO,4BAA4B;IAM5B;IACA;IACA;IAPH,YAAY,CAAe;IAC3B,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,YACW,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAFtC,eAAU,GAAV,UAAU,CAAY;QACtB,YAAO,GAAP,OAAO,CAAa;QACpB,sBAAiB,GAAjB,iBAAiB,CAAqB;QAE/C,IAAI,CAAC,YAAY,GAAG,IAAI,+BAA+B,CAAC,OAAO,CAAC,CAAC;IACnE,CAAC;IACD,uBAAuB;QACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,IAAI,mBAAmB,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,UAAU,CAAC,QAAQ,EACxB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,SAAU,CAChB,CAAC;QAEF,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAExC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEvD,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;IACnC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAEtC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAC/C,UAAU,EACV,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport type {\n  AuthStorage,\n  Endpoints,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport {\n  exchangeTokens,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n  private pkceProducer: PKCEProducer;\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  private constructor(\n    readonly authConfig: AuthConfig,\n    readonly storage: AuthStorage,\n    readonly endpointOverrides?: Partial<Endpoints>,\n  ) {\n    this.pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  }\n  validateExistingSession(): Promise<SessionData> {\n    throw new Error(\"Method not implemented.\");\n  }\n\n  get oauthServer(): string {\n    return this.authConfig.oauthServer || DEFAULT_AUTH_SERVER;\n  }\n\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.oauthServer,\n      this.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.authConfig.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.authConfig.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n\n    await storeTokens(this.storage, tokens);\n\n    return tokens;\n  }\n\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = await retrieveTokens(this.storage);\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  async getEndSessionEndpoint(): Promise<string | null> {\n    if (!this.endpoints) {\n      return null;\n    }\n    return this.endpoints.endsession;\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n    endpointOverrides?: Partial<Endpoints>,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new ServerAuthenticationResolver(\n      authConfig,\n      storage,\n      endpointOverrides,\n    );\n    await resolver.init();\n\n    return resolver;\n  }\n}\n"]}

package/dist/src/server/config.d.ts

@@ -0,0 +1,10 @@
+import type { Endpoints } from "@/types.ts";
+export type AuthConfig = {
+    clientId: string;
+    redirectUrl: string;
+    oauthServer?: string;
+    challengeUrl?: string;
+    endpointOverrides?: Partial<Endpoints> | undefined;
+    postLogoutRedirectUrl?: string;
+};
+//# sourceMappingURL=config.d.ts.map

package/dist/src/server/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/server/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC;IACnD,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC"}

package/dist/src/server/config.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=config.js.map

package/dist/src/server/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/server/config.ts"],"names":[],"mappings":"","sourcesContent":["import type { Endpoints } from \"@/types.ts\";\n\nexport type AuthConfig = {\n  clientId: string;\n  redirectUrl: string;\n  oauthServer?: string;\n  challengeUrl?: string;\n  endpointOverrides?: Partial<Endpoints> | undefined;\n  postLogoutRedirectUrl?: string;\n};\n"]}

package/dist/src/server/index.d.ts

@@ -0,0 +1,7 @@
+export { CookieStorage } from "@/shared/lib/storage.js";
+export type { SessionStorage, CookieStorageSettings, } from "@/shared/lib/storage.js";
+export { resolveOAuthAccessCode, isLoggedIn, buildLoginUrl, buildLogoutRedirectUrl, } from "@/server/login.js";
+export type { AuthConfig } from "@/server/config.js";
+export { getUser } from "@/shared/lib/session.js";
+export { refreshTokens } from "@/server/refresh.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/server/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,YAAY,EACV,cAAc,EACd,qBAAqB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,UAAU,EACV,aAAa,EACb,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/src/server/index.js

@@ -0,0 +1,7 @@
+import { printVersion } from "@/shared/index.js";
+printVersion();
+export { CookieStorage } from "@/shared/lib/storage.js";
+export { resolveOAuthAccessCode, isLoggedIn, buildLoginUrl, buildLogoutRedirectUrl, } from "@/server/login.js";
+export { getUser } from "@/shared/lib/session.js";
+export { refreshTokens } from "@/server/refresh.js";
+//# sourceMappingURL=index.js.map

package/dist/src/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,YAAY,EAAE,CAAC;AACf,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAKxD,OAAO,EACL,sBAAsB,EACtB,UAAU,EACV,aAAa,EACb,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC","sourcesContent":["import { printVersion } from \"@/shared/index.js\";\nprintVersion();\nexport { CookieStorage } from \"@/shared/lib/storage.js\";\nexport type {\n  SessionStorage,\n  CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\nexport {\n  resolveOAuthAccessCode,\n  isLoggedIn,\n  buildLoginUrl,\n  buildLogoutRedirectUrl,\n} from \"@/server/login.js\";\nexport type { AuthConfig } from \"@/server/config.js\";\nexport { getUser } from \"@/shared/lib/session.js\";\nexport { refreshTokens } from \"@/server/refresh.js\";\n"]}

package/dist/src/server/login.d.ts

@@ -0,0 +1,21 @@
+import type { AuthStorage, OIDCTokenResponseBody } from "@/types.js";
+import type { AuthConfig } from "@/server/config.ts";
+/**
+ * Resolve an OAuth access code to a set of OIDC tokens
+ * @param code The access code, typically from a query parameter in the redirect url
+ * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url
+ * @param storage The place that this server uses to store session data (e.g. a cookie store)
+ * @param config Oauth Server configuration
+ */
+export declare function resolveOAuthAccessCode(code: string, state: string, storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
+export declare function isLoggedIn(storage: AuthStorage): Promise<boolean>;
+export declare function buildLoginUrl(config: Pick<AuthConfig, "clientId" | "redirectUrl"> & Partial<Pick<AuthConfig, "oauthServer">> & {
+    scopes?: string[];
+    state?: string;
+    nonce?: string;
+}, storage: AuthStorage): Promise<URL>;
+export declare function buildLogoutRedirectUrl(config: Pick<AuthConfig, "clientId" | "postLogoutRedirectUrl"> & Partial<Pick<AuthConfig, "oauthServer">> & {
+    scopes?: string[];
+    state?: string;
+}, storage: AuthStorage): Promise<URL>;
+//# sourceMappingURL=login.d.ts.map

package/dist/src/server/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAKrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAEvE;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,aAAa,CAAC,GAClD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAed;AAED,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,uBAAuB,CAAC,GAC5D,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,GAAG;IACzC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACH,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,GAAG,CAAC,CAkBd"}

package/dist/src/server/login.js

@@ -0,0 +1,56 @@
+import { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from "@/constants.js";
+import { GenericAuthenticationInitiator } from "@/services/AuthenticationService.js";
+import { GenericPublicClientPKCEProducer } from "@/services/PKCE.js";
+import { ServerAuthenticationResolver } from "@/server/ServerAuthenticationResolver.js";
+import { OAuthTokens } from "@/shared/lib/types.js";
+/**
+ * Resolve an OAuth access code to a set of OIDC tokens
+ * @param code The access code, typically from a query parameter in the redirect url
+ * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url
+ * @param storage The place that this server uses to store session data (e.g. a cookie store)
+ * @param config Oauth Server configuration
+ */
+export async function resolveOAuthAccessCode(code, state, storage, config) {
+    const authSessionService = await ServerAuthenticationResolver.build({
+        ...config,
+        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
+    }, storage, config.endpointOverrides);
+    return authSessionService.tokenExchange(code, state);
+}
+export async function isLoggedIn(storage) {
+    return !!(await storage.get("id_token"));
+}
+export async function buildLoginUrl(config, storage) {
+    // generate a random state if not provided
+    const state = config.state ?? Math.random().toString(36).substring(2);
+    const scopes = config.scopes ?? DEFAULT_SCOPES;
+    const pkceProducer = new GenericPublicClientPKCEProducer(storage);
+    const authInitiator = new GenericAuthenticationInitiator({
+        ...config,
+        state,
+        scopes,
+        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
+        // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session
+        pkceConsumer: pkceProducer,
+    });
+    return authInitiator.signIn();
+}
+export async function buildLogoutRedirectUrl(config, storage) {
+    // generate a random state if not provided
+    const state = config.state ?? Math.random().toString(36).substring(2);
+    const scopes = config.scopes ?? DEFAULT_SCOPES;
+    const pkceProducer = new GenericPublicClientPKCEProducer(storage);
+    const authInitiator = new GenericAuthenticationInitiator({
+        ...config,
+        state,
+        scopes,
+        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
+        pkceConsumer: pkceProducer,
+        redirectUrl: config.postLogoutRedirectUrl || "/",
+    });
+    const idToken = await storage.get(OAuthTokens.ID_TOKEN);
+    if (!idToken)
+        throw new Error("No id_token found in storage");
+    return authInitiator.signOut(idToken);
+}
+//# sourceMappingURL=login.js.map

package/dist/src/server/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/server/login.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AAExF,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAa,EACb,OAAoB,EACpB,MAAkB;IAElB,MAAM,kBAAkB,GAAG,MAAM,4BAA4B,CAAC,KAAK,CACjE;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,kBAAkB,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAAoB;IACnD,OAAO,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAKG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,cAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,+BAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,8BAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;QACtD,mGAAmG;QACnG,YAAY,EAAE,YAAY;KAC3B,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,MAIG,EACH,OAAoB;IAEpB,0CAA0C;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,cAAc,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,+BAA+B,CAAC,OAAO,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,8BAA8B,CAAC;QACvD,GAAG,MAAM;QACT,KAAK;QACL,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;QACtD,YAAY,EAAE,YAAY;QAC1B,WAAW,EAAE,MAAM,CAAC,qBAAqB,IAAI,GAAG;KACjD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAE9D,OAAO,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AACxC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\nimport { OAuthTokens } from \"@/shared/lib/types.js\";\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n  code: string,\n  state: string,\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const authSessionService = await ServerAuthenticationResolver.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return authSessionService.tokenExchange(code, state);\n}\n\nexport async function isLoggedIn(storage: AuthStorage): Promise<boolean> {\n  return !!(await storage.get(\"id_token\"));\n}\n\nexport async function buildLoginUrl(\n  config: Pick<AuthConfig, \"clientId\" | \"redirectUrl\"> &\n    Partial<Pick<AuthConfig, \"oauthServer\">> & {\n      scopes?: string[];\n      state?: string;\n      nonce?: string;\n    },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n    pkceConsumer: pkceProducer,\n  });\n\n  return authInitiator.signIn();\n}\n\nexport async function buildLogoutRedirectUrl(\n  config: Pick<AuthConfig, \"clientId\" | \"postLogoutRedirectUrl\"> &\n    Partial<Pick<AuthConfig, \"oauthServer\">> & {\n      scopes?: string[];\n      state?: string;\n    },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    pkceConsumer: pkceProducer,\n    redirectUrl: config.postLogoutRedirectUrl || \"/\",\n  });\n\n  const idToken = await storage.get(OAuthTokens.ID_TOKEN);\n  if (!idToken) throw new Error(\"No id_token found in storage\");\n\n  return authInitiator.signOut(idToken);\n}\n"]}

package/dist/src/server/refresh.d.ts

@@ -0,0 +1,7 @@
+import type { AuthStorage, OIDCTokenResponseBody } from "@/types.js";
+import type { AuthConfig } from "@/server/config.ts";
+/**
+ * Refresh the current set of OIDC tokens
+ */
+export declare function refreshTokens(storage: AuthStorage, config: AuthConfig): Promise<OIDCTokenResponseBody>;
+//# sourceMappingURL=refresh.d.ts.map

package/dist/src/server/refresh.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh.d.ts","sourceRoot":"","sources":["../../../src/server/refresh.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAGrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAWhC"}

package/dist/src/server/refresh.js

@@ -0,0 +1,13 @@
+import { DEFAULT_AUTH_SERVER } from "@/constants.js";
+import { GenericAuthenticationRefresher } from "@/shared/lib/GenericAuthenticationRefresher.js";
+/**
+ * Refresh the current set of OIDC tokens
+ */
+export async function refreshTokens(storage, config) {
+    const refresher = await GenericAuthenticationRefresher.build({
+        ...config,
+        oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,
+    }, storage, config.endpointOverrides);
+    return refresher.refreshTokens();
+}
+//# sourceMappingURL=refresh.js.map

package/dist/src/server/refresh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh.js","sourceRoot":"","sources":["../../../src/server/refresh.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,8BAA8B,EAAE,MAAM,gDAAgD,CAAC;AAGhG;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAoB,EACpB,MAAkB;IAElB,MAAM,SAAS,GAAG,MAAM,8BAA8B,CAAC,KAAK,CAC1D;QACE,GAAG,MAAM;QACT,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,mBAAmB;KACvD,EACD,OAAO,EACP,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,OAAO,SAAS,CAAC,aAAa,EAAE,CAAC;AACnC,CAAC","sourcesContent":["import type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { GenericAuthenticationRefresher } from \"@/shared/lib/GenericAuthenticationRefresher.js\";\nimport type { AuthConfig } from \"@/server/config.ts\";\n\n/**\n * Refresh the current set of OIDC tokens\n */\nexport async function refreshTokens(\n  storage: AuthStorage,\n  config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n  const refresher = await GenericAuthenticationRefresher.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? DEFAULT_AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return refresher.refreshTokens();\n}\n"]}